Search for a substring in a stream of characters

1

How do I search for a sequence of bytes (FEEDFEED00000002) in hex code and display 1000 bytes after this sequence?

It's the beginning of a lost file I am looking for on a Linux partition. This command outputs hard drive contents in hex code:

sudo cat /dev/sda1 | hexdump -v -e '"" 1/1 "%02X" ""'
# output is FF45D5003E... etc

I need to search for FEEDFEED00000002 in the output.

fhucho

Posted 2010-08-17T13:42:39.707

Reputation: 171

Answers

2

grep can search for binary patterns; it may be more efficient than examining the output of hexdump, which will be roughly 3 times larger:

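# -o with -b prints each match's own byte offset, -a reads the device as text, -P allows \x escapes (GNU grep)
LC_ALL=C grep -obaP '\xFE\xED\xFE\xED\x00\x00\x00\x02' /dev/sda1 | cut -d: -f1 >offsets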

Will give you the byte offsets; then you could extract 1k blocks with

for o in $(cat offsets)
do
    # ${o}, not {$o}, so the files are named block.<offset>
    dd if=/dev/sda1 of="block.${o}" bs=1 count=1000 skip="$o"
done

Which will create one file per matching offset. You can always run hexdump on these afterwards.

b0fh

Posted 2010-08-17T13:42:39.707

Reputation: 2 005
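An added example, not part of the question or the answer above: a streaming search for the same signature that reads the device in fixed-size chunks, so it also finds a signature split across two reads, and returns the bytes that follow each hit. It goes beyond the grep/dd approach by doing both steps in one pass; the function name `carve` and its `length` and `chunk_size` parameters are assumptions made for this sketch.

```python
SIGNATURE = bytes.fromhex("FEEDFEED00000002")  # pattern from the question


def carve(stream, signature=SIGNATURE, length=1000, chunk_size=1 << 20):
    """Yield (offset, data) for each signature hit in a binary stream.

    offset is the byte position of the signature; data is up to `length`
    bytes that follow it (shorter only if the stream ends first).
    """
    keep = len(signature) + length      # bytes one complete hit occupies
    buf = b""                           # unprocessed tail of the stream
    base = 0                            # stream offset of buf[0]
    eof = False
    while not eof:
        chunk = stream.read(chunk_size)
        eof = not chunk
        buf += chunk
        pos = 0
        while True:
            hit = buf.find(signature, pos)
            if hit < 0:
                # Keep a tail that could hold the start of a split signature.
                pos = max(pos, len(buf) - len(signature) + 1)
                break
            if not eof and hit + keep > len(buf):
                pos = hit               # payload incomplete: wait for more data
                break
            start = hit + len(signature)
            yield base + hit, buf[start:start + length]
            pos = hit + 1               # continue, allowing overlapping hits
        buf, base = buf[pos:], base + pos


if __name__ == "__main__":
    import sys
    # Usage: sudo python3 carve.py /dev/sda1   (writes block.<offset> files)
    with open(sys.argv[1], "rb") as dev:
        for offset, data in carve(dev):
            with open(f"block.{offset}", "wb") as out:
                out.write(data)
            print(offset, len(data))
```

Opening the partition read-only, as here, leaves the data being recovered untouched; write the `block.*` files to a different filesystem than the one being searched.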